aws-sdk-iam 1.57.0 → 1.61.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +20 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-iam/account_password_policy.rb +4 -3
- data/lib/aws-sdk-iam/client.rb +203 -172
- data/lib/aws-sdk-iam/login_profile.rb +5 -4
- data/lib/aws-sdk-iam/resource.rb +15 -9
- data/lib/aws-sdk-iam/types.rb +74 -65
- data/lib/aws-sdk-iam/user.rb +3 -2
- data/lib/aws-sdk-iam.rb +1 -1
- metadata +5 -5
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 55d594a115585ecc0ca073fe8486b170405e1666aeffd5dbb9ada7fae3cd041e
|
4
|
+
data.tar.gz: 533858168ba1dfd6aa25a2b4f134bcfe4eb49508b9dcc9c90546e24f0de18e6b
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 83fb07b97bbd0bbb010f26d72aa5c3eebe6163a398a6e069542f3ae254f096bee1752d7cbda87581317df3f2c5b6e65181731a21c7005b6bd31853922008ea3b
|
7
|
+
data.tar.gz: 1da30b4abe1a5f5bd36b170ebd2bda9a121ccefc28da18d2831fddb74d0579ce3fe2d9f1aeb8006a24677a98f936243e769d999c9a385675174fcfd711d37b03
|
data/CHANGELOG.md
CHANGED
@@ -1,6 +1,26 @@
|
|
1
1
|
Unreleased Changes
|
2
2
|
------------------
|
3
3
|
|
4
|
+
1.61.0 (2021-09-22)
|
5
|
+
------------------
|
6
|
+
|
7
|
+
* Feature - Added changes to OIDC API about not using port numbers in the URL.
|
8
|
+
|
9
|
+
1.60.0 (2021-09-01)
|
10
|
+
------------------
|
11
|
+
|
12
|
+
* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
|
13
|
+
|
14
|
+
1.59.0 (2021-07-30)
|
15
|
+
------------------
|
16
|
+
|
17
|
+
* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
|
18
|
+
|
19
|
+
1.58.0 (2021-07-28)
|
20
|
+
------------------
|
21
|
+
|
22
|
+
* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
|
23
|
+
|
4
24
|
1.57.0 (2021-07-21)
|
5
25
|
------------------
|
6
26
|
|
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
1.
|
1
|
+
1.61.0
|
@@ -288,9 +288,10 @@ module Aws::IAM
|
|
288
288
|
# uses the default value of `false`. The result is that passwords do not
|
289
289
|
# require at least one lowercase character.
|
290
290
|
# @option options [Boolean] :allow_users_to_change_password
|
291
|
-
# Allows all IAM users in your account to use the
|
292
|
-
# change their own passwords. For more
|
293
|
-
# users change their own passwords][1] in
|
291
|
+
# Allows all IAM users in your account to use the Amazon Web Services
|
292
|
+
# Management Console to change their own passwords. For more
|
293
|
+
# information, see [Letting IAM users change their own passwords][1] in
|
294
|
+
# the *IAM User Guide*.
|
294
295
|
#
|
295
296
|
# If you do not specify a value for this parameter, then the operation
|
296
297
|
# uses the default value of `false`. The result is that IAM users in the
|
data/lib/aws-sdk-iam/client.rb
CHANGED
@@ -714,9 +714,9 @@ module Aws::IAM
|
|
714
714
|
|
715
715
|
# Changes the password of the IAM user who is calling this operation.
|
716
716
|
# This operation can be performed using the CLI, the Amazon Web Services
|
717
|
-
# API, or the **My Security Credentials** page in the
|
718
|
-
# Console. The account root user
|
719
|
-
# operation.
|
717
|
+
# API, or the **My Security Credentials** page in the Amazon Web
|
718
|
+
# Services Management Console. The Amazon Web Services account root user
|
719
|
+
# password is not affected by this operation.
|
720
720
|
#
|
721
721
|
# Use UpdateLoginProfile to use the CLI, the Amazon Web Services API, or
|
722
722
|
# the **Users** page in the IAM console to change the password for any
|
@@ -731,8 +731,8 @@ module Aws::IAM
|
|
731
731
|
# The IAM user's current password.
|
732
732
|
#
|
733
733
|
# @option params [required, String] :new_password
|
734
|
-
# The new password. The new password must conform to the
|
735
|
-
# password policy, if one exists.
|
734
|
+
# The new password. The new password must conform to the Amazon Web
|
735
|
+
# Services account's password policy, if one exists.
|
736
736
|
#
|
737
737
|
# The [regex pattern][1] that is used to validate this parameter is a
|
738
738
|
# string of characters. That string can include almost any printable
|
@@ -740,8 +740,9 @@ module Aws::IAM
|
|
740
740
|
# character range (`\u00FF`). You can also include the tab (`\u0009`),
|
741
741
|
# line feed (`\u000A`), and carriage return (`\u000D`) characters. Any
|
742
742
|
# of these characters are valid in a password. However, many tools, such
|
743
|
-
# as the Management Console, might restrict the
|
744
|
-
# characters because they have special meaning
|
743
|
+
# as the Amazon Web Services Management Console, might restrict the
|
744
|
+
# ability to type certain characters because they have special meaning
|
745
|
+
# within that tool.
|
745
746
|
#
|
746
747
|
#
|
747
748
|
#
|
@@ -781,18 +782,19 @@ module Aws::IAM
|
|
781
782
|
#
|
782
783
|
# If you do not specify a user name, IAM determines the user name
|
783
784
|
# implicitly based on the Amazon Web Services access key ID signing the
|
784
|
-
# request. This operation works for access keys under the
|
785
|
-
# Consequently, you can use this operation to manage
|
786
|
-
# credentials. This is true even
|
785
|
+
# request. This operation works for access keys under the Amazon Web
|
786
|
+
# Services account. Consequently, you can use this operation to manage
|
787
|
+
# Amazon Web Services account root user credentials. This is true even
|
788
|
+
# if the Amazon Web Services account has no associated users.
|
787
789
|
#
|
788
790
|
# For information about quotas on the number of keys you can create, see
|
789
791
|
# [IAM and STS quotas][1] in the *IAM User Guide*.
|
790
792
|
#
|
791
|
-
# To ensure the security of your account, the secret
|
792
|
-
# accessible only during key and user creation. You must
|
793
|
-
# (for example, in a text file) if you want to be able to
|
794
|
-
# again. If a secret key is lost, you can delete the access
|
795
|
-
# associated user and then create new keys.
|
793
|
+
# To ensure the security of your Amazon Web Services account, the secret
|
794
|
+
# access key is accessible only during key and user creation. You must
|
795
|
+
# save the key (for example, in a text file) if you want to be able to
|
796
|
+
# access it again. If a secret key is lost, you can delete the access
|
797
|
+
# keys for the associated user and then create new keys.
|
796
798
|
#
|
797
799
|
#
|
798
800
|
#
|
@@ -857,9 +859,9 @@ module Aws::IAM
|
|
857
859
|
req.send_request(options)
|
858
860
|
end
|
859
861
|
|
860
|
-
# Creates an alias for your account. For information
|
861
|
-
# account alias, see [Using an alias
|
862
|
-
# User Guide*.
|
862
|
+
# Creates an alias for your Amazon Web Services account. For information
|
863
|
+
# about using an Amazon Web Services account alias, see [Using an alias
|
864
|
+
# for your Amazon Web Services account ID][1] in the *IAM User Guide*.
|
863
865
|
#
|
864
866
|
#
|
865
867
|
#
|
@@ -1125,13 +1127,14 @@ module Aws::IAM
|
|
1125
1127
|
end
|
1126
1128
|
|
1127
1129
|
# Creates a password for the specified IAM user. A password allows an
|
1128
|
-
# IAM user to access Amazon Web Services services through the
|
1129
|
-
# Console.
|
1130
|
+
# IAM user to access Amazon Web Services services through the Amazon Web
|
1131
|
+
# Services Management Console.
|
1130
1132
|
#
|
1131
1133
|
# You can use the CLI, the Amazon Web Services API, or the **Users**
|
1132
1134
|
# page in the IAM console to create a password for any IAM user. Use
|
1133
1135
|
# ChangePassword to update your own existing password in the **My
|
1134
|
-
# Security Credentials** page in the Management
|
1136
|
+
# Security Credentials** page in the Amazon Web Services Management
|
1137
|
+
# Console.
|
1135
1138
|
#
|
1136
1139
|
# For more information about managing passwords, see [Managing
|
1137
1140
|
# passwords][1] in the *IAM User Guide*.
|
@@ -1162,8 +1165,9 @@ module Aws::IAM
|
|
1162
1165
|
# character range (`\u00FF`). You can also include the tab (`\u0009`),
|
1163
1166
|
# line feed (`\u000A`), and carriage return (`\u000D`) characters. Any
|
1164
1167
|
# of these characters are valid in a password. However, many tools, such
|
1165
|
-
# as the Management Console, might restrict the
|
1166
|
-
# characters because they have special meaning
|
1168
|
+
# as the Amazon Web Services Management Console, might restrict the
|
1169
|
+
# ability to type certain characters because they have special meaning
|
1170
|
+
# within that tool.
|
1167
1171
|
#
|
1168
1172
|
#
|
1169
1173
|
#
|
@@ -1247,8 +1251,8 @@ module Aws::IAM
|
|
1247
1251
|
# * A list of thumbprints of one or more server certificates that the
|
1248
1252
|
# IdP uses
|
1249
1253
|
#
|
1250
|
-
# You get all of this information from the OIDC IdP
|
1251
|
-
#
|
1254
|
+
# You get all of this information from the OIDC IdP you want to use to
|
1255
|
+
# access Amazon Web Services.
|
1252
1256
|
#
|
1253
1257
|
# <note markdown="1"> Amazon Web Services secures communication with some OIDC identity
|
1254
1258
|
# providers (IdPs) through our library of trusted certificate
|
@@ -1277,16 +1281,18 @@ module Aws::IAM
|
|
1277
1281
|
# Connect ID tokens. Per the OIDC standard, path components are allowed
|
1278
1282
|
# but query parameters are not. Typically the URL consists of only a
|
1279
1283
|
# hostname, like `https://server.example.org` or `https://example.com`.
|
1284
|
+
# The URL should not contain a port number.
|
1280
1285
|
#
|
1281
1286
|
# You cannot register the same provider multiple times in a single
|
1282
|
-
# account. If you try to submit a URL that has
|
1283
|
-
# OpenID Connect provider in the
|
1287
|
+
# Amazon Web Services account. If you try to submit a URL that has
|
1288
|
+
# already been used for an OpenID Connect provider in the Amazon Web
|
1289
|
+
# Services account, you will get an error.
|
1284
1290
|
#
|
1285
1291
|
# @option params [Array<String>] :client_id_list
|
1286
|
-
#
|
1287
|
-
# app registers with an OpenID Connect provider, they establish a
|
1288
|
-
# that identifies the application.
|
1289
|
-
# the `client_id` parameter on OAuth requests.
|
1292
|
+
# Provides a list of client IDs, also known as audiences. When a mobile
|
1293
|
+
# or web app registers with an OpenID Connect provider, they establish a
|
1294
|
+
# value that identifies the application. This is the value that's sent
|
1295
|
+
# as the `client_id` parameter on OAuth requests.
|
1290
1296
|
#
|
1291
1297
|
# You can register multiple client IDs with the same provider. For
|
1292
1298
|
# example, you might have multiple applications that use the same OIDC
|
@@ -1313,11 +1319,11 @@ module Aws::IAM
|
|
1313
1319
|
# `server.example.com` and the provider stores its keys at
|
1314
1320
|
# https://keys.server.example.com/openid-connect. In that case, the
|
1315
1321
|
# thumbprint string would be the hex-encoded SHA-1 hash value of the
|
1316
|
-
# certificate used by https://keys.server.example.com
|
1322
|
+
# certificate used by `https://keys.server.example.com.`
|
1317
1323
|
#
|
1318
|
-
# For more information about obtaining the OIDC provider
|
1319
|
-
#
|
1320
|
-
#
|
1324
|
+
# For more information about obtaining the OIDC provider thumbprint, see
|
1325
|
+
# [Obtaining the thumbprint for an OpenID Connect provider][1] in the
|
1326
|
+
# *IAM User Guide*.
|
1321
1327
|
#
|
1322
1328
|
#
|
1323
1329
|
#
|
@@ -1395,7 +1401,7 @@ module Aws::IAM
|
|
1395
1401
|
req.send_request(options)
|
1396
1402
|
end
|
1397
1403
|
|
1398
|
-
# Creates a new managed policy for your account.
|
1404
|
+
# Creates a new managed policy for your Amazon Web Services account.
|
1399
1405
|
#
|
1400
1406
|
# This operation creates a policy version with a version identifier of
|
1401
1407
|
# `v1` and sets v1 as the policy's default version. For more
|
@@ -1437,6 +1443,10 @@ module Aws::IAM
|
|
1437
1443
|
# character (`\u007F`), including most punctuation characters, digits,
|
1438
1444
|
# and upper and lowercased letters.
|
1439
1445
|
#
|
1446
|
+
# <note markdown="1"> You cannot use an asterisk (*) in the path name.
|
1447
|
+
#
|
1448
|
+
# </note>
|
1449
|
+
#
|
1440
1450
|
#
|
1441
1451
|
#
|
1442
1452
|
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html
|
@@ -1650,10 +1660,10 @@ module Aws::IAM
|
|
1650
1660
|
req.send_request(options)
|
1651
1661
|
end
|
1652
1662
|
|
1653
|
-
# Creates a new role for your account. For more
|
1654
|
-
# see [IAM roles][1]. For information about
|
1655
|
-
# the number of roles you can create, see [IAM
|
1656
|
-
# *IAM User Guide*.
|
1663
|
+
# Creates a new role for your Amazon Web Services account. For more
|
1664
|
+
# information about roles, see [IAM roles][1]. For information about
|
1665
|
+
# quotas for role names and the number of roles you can create, see [IAM
|
1666
|
+
# and STS quotas][2] in the *IAM User Guide*.
|
1657
1667
|
#
|
1658
1668
|
#
|
1659
1669
|
#
|
@@ -1836,8 +1846,8 @@ module Aws::IAM
|
|
1836
1846
|
# used as a principal in an IAM role's trust policy. Such a policy can
|
1837
1847
|
# enable federated users who sign in using the SAML IdP to assume the
|
1838
1848
|
# role. You can create an IAM role that supports Web-based single
|
1839
|
-
# sign-on (SSO) to the Management Console or one
|
1840
|
-
# access to Amazon Web Services.
|
1849
|
+
# sign-on (SSO) to the Amazon Web Services Management Console or one
|
1850
|
+
# that supports API access to Amazon Web Services.
|
1841
1851
|
#
|
1842
1852
|
# When you create the SAML provider resource, you upload a SAML metadata
|
1843
1853
|
# document that you get from your IdP. That document includes the
|
@@ -1851,8 +1861,8 @@ module Aws::IAM
|
|
1851
1861
|
# </note>
|
1852
1862
|
#
|
1853
1863
|
# For more information, see [Enabling SAML 2.0 federated users to access
|
1854
|
-
# the Management Console][2] and [About SAML
|
1855
|
-
# the *IAM User Guide*.
|
1864
|
+
# the Amazon Web Services Management Console][2] and [About SAML
|
1865
|
+
# 2.0-based federation][3] in the *IAM User Guide*.
|
1856
1866
|
#
|
1857
1867
|
#
|
1858
1868
|
#
|
@@ -2096,7 +2106,7 @@ module Aws::IAM
|
|
2096
2106
|
req.send_request(options)
|
2097
2107
|
end
|
2098
2108
|
|
2099
|
-
# Creates a new IAM user for your account.
|
2109
|
+
# Creates a new IAM user for your Amazon Web Services account.
|
2100
2110
|
#
|
2101
2111
|
# For information about quotas for the number of IAM users you can
|
2102
2112
|
# create, see [IAM and STS quotas][1] in the *IAM User Guide*.
|
@@ -2211,10 +2221,11 @@ module Aws::IAM
|
|
2211
2221
|
req.send_request(options)
|
2212
2222
|
end
|
2213
2223
|
|
2214
|
-
# Creates a new virtual MFA device for the
|
2215
|
-
# virtual MFA, use EnableMFADevice to attach the MFA
|
2216
|
-
# user. For more information about creating and working
|
2217
|
-
# devices, see [Using a virtual MFA device][1] in the
|
2224
|
+
# Creates a new virtual MFA device for the Amazon Web Services account.
|
2225
|
+
# After creating the virtual MFA, use EnableMFADevice to attach the MFA
|
2226
|
+
# device to an IAM user. For more information about creating and working
|
2227
|
+
# with virtual MFA devices, see [Using a virtual MFA device][1] in the
|
2228
|
+
# *IAM User Guide*.
|
2218
2229
|
#
|
2219
2230
|
# For information about the maximum number of MFA devices you can
|
2220
2231
|
# create, see [IAM and STS quotas][2] in the *IAM User Guide*.
|
@@ -2384,9 +2395,10 @@ module Aws::IAM
|
|
2384
2395
|
#
|
2385
2396
|
# If you do not specify a user name, IAM determines the user name
|
2386
2397
|
# implicitly based on the Amazon Web Services access key ID signing the
|
2387
|
-
# request. This operation works for access keys under the
|
2388
|
-
# Consequently, you can use this operation to manage
|
2389
|
-
# credentials even if the
|
2398
|
+
# request. This operation works for access keys under the Amazon Web
|
2399
|
+
# Services account. Consequently, you can use this operation to manage
|
2400
|
+
# Amazon Web Services account root user credentials even if the Amazon
|
2401
|
+
# Web Services account has no associated users.
|
2390
2402
|
#
|
2391
2403
|
# @option params [String] :user_name
|
2392
2404
|
# The name of the user whose access key pair you want to delete.
|
@@ -2440,9 +2452,10 @@ module Aws::IAM
|
|
2440
2452
|
req.send_request(options)
|
2441
2453
|
end
|
2442
2454
|
|
2443
|
-
# Deletes the specified account alias. For
|
2444
|
-
# Amazon Web Services account alias, see
|
2445
|
-
# account ID][1] in the
|
2455
|
+
# Deletes the specified Amazon Web Services account alias. For
|
2456
|
+
# information about using an Amazon Web Services account alias, see
|
2457
|
+
# [Using an alias for your Amazon Web Services account ID][1] in the
|
2458
|
+
# *IAM User Guide*.
|
2446
2459
|
#
|
2447
2460
|
#
|
2448
2461
|
#
|
@@ -2486,7 +2499,8 @@ module Aws::IAM
|
|
2486
2499
|
req.send_request(options)
|
2487
2500
|
end
|
2488
2501
|
|
2489
|
-
# Deletes the password policy for the account. There
|
2502
|
+
# Deletes the password policy for the Amazon Web Services account. There
|
2503
|
+
# are no parameters.
|
2490
2504
|
#
|
2491
2505
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
2492
2506
|
#
|
@@ -2659,12 +2673,13 @@ module Aws::IAM
|
|
2659
2673
|
|
2660
2674
|
# Deletes the password for the specified IAM user, which terminates the
|
2661
2675
|
# user's ability to access Amazon Web Services services through the
|
2662
|
-
# Management Console.
|
2676
|
+
# Amazon Web Services Management Console.
|
2663
2677
|
#
|
2664
2678
|
# You can use the CLI, the Amazon Web Services API, or the **Users**
|
2665
2679
|
# page in the IAM console to delete a password for any IAM user. You can
|
2666
2680
|
# use ChangePassword to update, but not delete, your own password in the
|
2667
|
-
# **My Security Credentials** page in the Management
|
2681
|
+
# **My Security Credentials** page in the Amazon Web Services Management
|
2682
|
+
# Console.
|
2668
2683
|
#
|
2669
2684
|
# Deleting a user's password does not prevent a user from accessing
|
2670
2685
|
# Amazon Web Services through the command line interface or the API. To
|
@@ -3243,9 +3258,10 @@ module Aws::IAM
|
|
3243
3258
|
#
|
3244
3259
|
# If you do not specify a user name, IAM determines the user name
|
3245
3260
|
# implicitly based on the Amazon Web Services access key ID signing the
|
3246
|
-
# request. This operation works for access keys under the
|
3247
|
-
# Consequently, you can use this operation to manage
|
3248
|
-
#
|
3261
|
+
# request. This operation works for access keys under the Amazon Web
|
3262
|
+
# Services account. Consequently, you can use this operation to manage
|
3263
|
+
# Amazon Web Services account root user credentials even if the Amazon
|
3264
|
+
# Web Services account has no associated IAM users.
|
3249
3265
|
#
|
3250
3266
|
# @option params [String] :user_name
|
3251
3267
|
# The name of the user the signing certificate belongs to.
|
@@ -3298,11 +3314,11 @@ module Aws::IAM
|
|
3298
3314
|
req.send_request(options)
|
3299
3315
|
end
|
3300
3316
|
|
3301
|
-
# Deletes the specified IAM user. Unlike the
|
3302
|
-
# you delete a user programmatically, you must
|
3303
|
-
# to the user manually, or the deletion fails.
|
3304
|
-
# [Deleting an IAM user][1]. Before attempting
|
3305
|
-
# the following items:
|
3317
|
+
# Deletes the specified IAM user. Unlike the Amazon Web Services
|
3318
|
+
# Management Console, when you delete a user programmatically, you must
|
3319
|
+
# delete the items attached to the user manually, or the deletion fails.
|
3320
|
+
# For more information, see [Deleting an IAM user][1]. Before attempting
|
3321
|
+
# to delete a user, remove the following items:
|
3306
3322
|
#
|
3307
3323
|
# * Password (DeleteLoginProfile)
|
3308
3324
|
#
|
@@ -3738,9 +3754,9 @@ module Aws::IAM
|
|
3738
3754
|
req.send_request(options)
|
3739
3755
|
end
|
3740
3756
|
|
3741
|
-
# Generates a credential report for the account. For
|
3742
|
-
# about the credential report, see [Getting credential
|
3743
|
-
# the *IAM User Guide*.
|
3757
|
+
# Generates a credential report for the Amazon Web Services account. For
|
3758
|
+
# more information about the credential report, see [Getting credential
|
3759
|
+
# reports][1] in the *IAM User Guide*.
|
3744
3760
|
#
|
3745
3761
|
#
|
3746
3762
|
#
|
@@ -3796,14 +3812,14 @@ module Aws::IAM
|
|
3796
3812
|
#
|
3797
3813
|
# The data includes all attempts to access Amazon Web Services, not just
|
3798
3814
|
# the successful ones. This includes all attempts that were made using
|
3799
|
-
# the Management Console, the Amazon Web Services
|
3800
|
-
# SDKs, or any of the command line tools. An
|
3801
|
-
# service last accessed data does not mean that
|
3802
|
-
# compromised, because the request might have been
|
3803
|
-
# CloudTrail logs as the authoritative source for
|
3804
|
-
# API calls and whether they were successful or
|
3805
|
-
# information, see [Logging IAM events with
|
3806
|
-
# User Guide*.
|
3815
|
+
# the Amazon Web Services Management Console, the Amazon Web Services
|
3816
|
+
# API through any of the SDKs, or any of the command line tools. An
|
3817
|
+
# unexpected entry in the service last accessed data does not mean that
|
3818
|
+
# an account has been compromised, because the request might have been
|
3819
|
+
# denied. Refer to your CloudTrail logs as the authoritative source for
|
3820
|
+
# information about all API calls and whether they were successful or
|
3821
|
+
# denied access. For more information, see [Logging IAM events with
|
3822
|
+
# CloudTrail][2] in the *IAM User Guide*.
|
3807
3823
|
#
|
3808
3824
|
# This operation returns a `JobId`. Use this parameter in the `
|
3809
3825
|
# GetOrganizationsAccessReport ` operation to check the status of the
|
@@ -3959,14 +3975,15 @@ module Aws::IAM
|
|
3959
3975
|
#
|
3960
3976
|
# The service last accessed data includes all attempts to access an
|
3961
3977
|
# Amazon Web Services API, not just the successful ones. This includes
|
3962
|
-
# all attempts that were made using the
|
3963
|
-
# Web Services API through any of the SDKs, or any
|
3964
|
-
# tools. An unexpected entry in the service last
|
3965
|
-
# mean that your account has been compromised,
|
3966
|
-
# have been denied. Refer to your CloudTrail
|
3967
|
-
# source for information about all API calls
|
3968
|
-
# successful or denied access. For more
|
3969
|
-
# events with CloudTrail][2] in the *IAM
|
3978
|
+
# all attempts that were made using the Amazon Web Services Management
|
3979
|
+
# Console, the Amazon Web Services API through any of the SDKs, or any
|
3980
|
+
# of the command line tools. An unexpected entry in the service last
|
3981
|
+
# accessed data does not mean that your account has been compromised,
|
3982
|
+
# because the request might have been denied. Refer to your CloudTrail
|
3983
|
+
# logs as the authoritative source for information about all API calls
|
3984
|
+
# and whether they were successful or denied access. For more
|
3985
|
+
# information, see [Logging IAM events with CloudTrail][2] in the *IAM
|
3986
|
+
# User Guide*.
|
3970
3987
|
#
|
3971
3988
|
# The `GenerateServiceLastAccessedDetails` operation returns a `JobId`.
|
3972
3989
|
# Use this parameter in the following operations to retrieve the
|
@@ -4284,10 +4301,11 @@ module Aws::IAM
|
|
4284
4301
|
req.send_request(options)
|
4285
4302
|
end
|
4286
4303
|
|
4287
|
-
# Retrieves the password policy for the
|
4288
|
-
# complexity requirements and mandatory rotation
|
4289
|
-
# user passwords in your account. For more
|
4290
|
-
# password policy, see [Managing an IAM
|
4304
|
+
# Retrieves the password policy for the Amazon Web Services account.
|
4305
|
+
# This tells you the complexity requirements and mandatory rotation
|
4306
|
+
# periods for the IAM user passwords in your account. For more
|
4307
|
+
# information about using a password policy, see [Managing an IAM
|
4308
|
+
# password policy][1].
|
4291
4309
|
#
|
4292
4310
|
#
|
4293
4311
|
#
|
@@ -4554,9 +4572,9 @@ module Aws::IAM
|
|
4554
4572
|
req.send_request(options)
|
4555
4573
|
end
|
4556
4574
|
|
4557
|
-
# Retrieves a credential report for the account. For
|
4558
|
-
# about the credential report, see [Getting credential
|
4559
|
-
# the *IAM User Guide*.
|
4575
|
+
# Retrieves a credential report for the Amazon Web Services account. For
|
4576
|
+
# more information about the credential report, see [Getting credential
|
4577
|
+
# reports][1] in the *IAM User Guide*.
|
4560
4578
|
#
|
4561
4579
|
#
|
4562
4580
|
#
|
@@ -4842,18 +4860,20 @@ module Aws::IAM
|
|
4842
4860
|
end
|
4843
4861
|
|
4844
4862
|
# Retrieves the user name for the specified IAM user. A login profile is
|
4845
|
-
# created when you create a password for the user to access the
|
4846
|
-
# Management Console. If the user does not exist or does
|
4847
|
-
# password, the operation returns a 404 (`NoSuchEntity`)
|
4863
|
+
# created when you create a password for the user to access the Amazon
|
4864
|
+
# Web Services Management Console. If the user does not exist or does
|
4865
|
+
# not have a password, the operation returns a 404 (`NoSuchEntity`)
|
4866
|
+
# error.
|
4848
4867
|
#
|
4849
4868
|
# If you create an IAM user with access to the console, the `CreateDate`
|
4850
4869
|
# reflects the date you created the initial password for the user.
|
4851
4870
|
#
|
4852
4871
|
# If you create an IAM user with programmatic access, and then later add
|
4853
|
-
# a password for the user to access the
|
4854
|
-
# `CreateDate` reflects the initial password creation date.
|
4855
|
-
# programmatic access does not have a login profile unless
|
4856
|
-
# password for the user to access the
|
4872
|
+
# a password for the user to access the Amazon Web Services Management
|
4873
|
+
# Console, the `CreateDate` reflects the initial password creation date.
|
4874
|
+
# A user with programmatic access does not have a login profile unless
|
4875
|
+
# you create a password for the user to access the Amazon Web Services
|
4876
|
+
# Management Console.
|
4857
4877
|
#
|
4858
4878
|
# @option params [required, String] :user_name
|
4859
4879
|
# The name of the user whose login profile you want to retrieve.
|
@@ -6131,12 +6151,13 @@ module Aws::IAM
|
|
6131
6151
|
#
|
6132
6152
|
# If the `UserName` field is not specified, the user name is determined
|
6133
6153
|
# implicitly based on the Amazon Web Services access key ID used to sign
|
6134
|
-
# the request. This operation works for access keys under the
|
6135
|
-
# Consequently, you can use this operation to manage
|
6136
|
-
# credentials even if the
|
6154
|
+
# the request. This operation works for access keys under the Amazon Web
|
6155
|
+
# Services account. Consequently, you can use this operation to manage
|
6156
|
+
# Amazon Web Services account root user credentials even if the Amazon
|
6157
|
+
# Web Services account has no associated users.
|
6137
6158
|
#
|
6138
|
-
# <note markdown="1"> To ensure the security of your account, the secret
|
6139
|
-
# accessible only during key and user creation.
|
6159
|
+
# <note markdown="1"> To ensure the security of your Amazon Web Services account, the secret
|
6160
|
+
# access key is accessible only during key and user creation.
|
6140
6161
|
#
|
6141
6162
|
# </note>
|
6142
6163
|
#
|
@@ -6231,9 +6252,10 @@ module Aws::IAM
|
|
6231
6252
|
req.send_request(options)
|
6232
6253
|
end
|
6233
6254
|
|
6234
|
-
# Lists the account alias associated with the
|
6235
|
-
# have only one). For information about using an
|
6236
|
-
#
|
6255
|
+
# Lists the account alias associated with the Amazon Web Services
|
6256
|
+
# account (Note: you can have only one). For information about using an
|
6257
|
+
# Amazon Web Services account alias, see [Using an alias for your Amazon
|
6258
|
+
# Web Services account ID][1] in the *IAM User Guide*.
|
6237
6259
|
#
|
6238
6260
|
#
|
6239
6261
|
#
|
@@ -7510,7 +7532,7 @@ module Aws::IAM
|
|
7510
7532
|
end
|
7511
7533
|
|
7512
7534
|
# Lists information about the IAM OpenID Connect (OIDC) provider
|
7513
|
-
# resource objects defined in the account.
|
7535
|
+
# resource objects defined in the Amazon Web Services account.
|
7514
7536
|
#
|
7515
7537
|
# <note markdown="1"> IAM resource-listing operations return a subset of the available
|
7516
7538
|
# attributes for the resource. For example, this operation does not
|
@@ -7538,9 +7560,9 @@ module Aws::IAM
|
|
7538
7560
|
req.send_request(options)
|
7539
7561
|
end
|
7540
7562
|
|
7541
|
-
# Lists all the managed policies that are available in your
|
7542
|
-
# including your own customer-defined managed policies
|
7543
|
-
# Web Services managed policies.
|
7563
|
+
# Lists all the managed policies that are available in your Amazon Web
|
7564
|
+
# Services account, including your own customer-defined managed policies
|
7565
|
+
# and all Amazon Web Services managed policies.
|
7544
7566
|
#
|
7545
7567
|
# You can filter the list of policies that is returned using the
|
7546
7568
|
# optional `OnlyAttached`, `Scope`, and `PathPrefix` parameters. For
|
@@ -7570,8 +7592,8 @@ module Aws::IAM
|
|
7570
7592
|
# The scope to use for filtering the results.
|
7571
7593
|
#
|
7572
7594
|
# To list only Amazon Web Services managed policies, set `Scope` to
|
7573
|
-
# `AWS`. To list only the customer managed policies in your
|
7574
|
-
# `Scope` to `Local`.
|
7595
|
+
# `AWS`. To list only the customer managed policies in your Amazon Web
|
7596
|
+
# Services account, set `Scope` to `Local`.
|
7575
7597
|
#
|
7576
7598
|
# This parameter is optional. If it is not included, or if it is set to
|
7577
7599
|
# `All`, all policies are returned.
|
@@ -8671,9 +8693,9 @@ module Aws::IAM
|
|
8671
8693
|
# If the `UserName` field is not specified, the user name is determined
|
8672
8694
|
# implicitly based on the Amazon Web Services access key ID used to sign
|
8673
8695
|
# the request for this operation. This operation works for access keys
|
8674
|
-
# under the account. Consequently, you can use this
|
8675
|
-
#
|
8676
|
-
# users.
|
8696
|
+
# under the Amazon Web Services account. Consequently, you can use this
|
8697
|
+
# operation to manage Amazon Web Services account root user credentials
|
8698
|
+
# even if the Amazon Web Services account has no associated users.
|
8677
8699
|
#
|
8678
8700
|
# @option params [String] :user_name
|
8679
8701
|
# The name of the IAM user whose signing certificates you want to
|
@@ -8935,8 +8957,9 @@ module Aws::IAM
|
|
8935
8957
|
end
|
8936
8958
|
|
8937
8959
|
# Lists the IAM users that have the specified path prefix. If no path
|
8938
|
-
# prefix is specified, the operation returns all users in the
|
8939
|
-
# If there are none, the operation returns an empty
|
8960
|
+
# prefix is specified, the operation returns all users in the Amazon Web
|
8961
|
+
# Services account. If there are none, the operation returns an empty
|
8962
|
+
# list.
|
8940
8963
|
#
|
8941
8964
|
# <note markdown="1"> IAM resource-listing operations return a subset of the available
|
8942
8965
|
# attributes for the resource. For example, this operation does not
|
@@ -9054,10 +9077,10 @@ module Aws::IAM
|
|
9054
9077
|
req.send_request(options)
|
9055
9078
|
end
|
9056
9079
|
|
9057
|
-
# Lists the virtual MFA devices defined in the
|
9058
|
-
# status. If you do not specify an assignment
|
9059
|
-
# returns a list of all virtual MFA devices.
|
9060
|
-
# `Assigned`, `Unassigned`, or `Any`.
|
9080
|
+
# Lists the virtual MFA devices defined in the Amazon Web Services
|
9081
|
+
# account by assignment status. If you do not specify an assignment
|
9082
|
+
# status, the operation returns a list of all virtual MFA devices.
|
9083
|
+
# Assignment status can be `Assigned`, `Unassigned`, or `Any`.
|
9061
9084
|
#
|
9062
9085
|
# <note markdown="1"> IAM resource-listing operations return a subset of the available
|
9063
9086
|
# attributes for the resource. For example, this operation does not
|
@@ -9908,7 +9931,7 @@ module Aws::IAM
|
|
9908
9931
|
end
|
9909
9932
|
|
9910
9933
|
# Sets the specified version of the global endpoint token as the token
|
9911
|
-
# version used for the account.
|
9934
|
+
# version used for the Amazon Web Services account.
|
9912
9935
|
#
|
9913
9936
|
# By default, Security Token Service (STS) is available as a global
|
9914
9937
|
# service, and all STS requests go to a single endpoint at
|
@@ -9921,12 +9944,13 @@ module Aws::IAM
|
|
9921
9944
|
# If you make an STS call to the global endpoint, the resulting session
|
9922
9945
|
# tokens might be valid in some Regions but not others. It depends on
|
9923
9946
|
# the version that is set in this operation. Version 1 tokens are valid
|
9924
|
-
# only in Regions that are available by default.
|
9925
|
-
# work in manually enabled Regions, such as Asia
|
9926
|
-
# Version 2 tokens are valid in all Regions.
|
9927
|
-
# are longer and might affect systems where
|
9928
|
-
# tokens. For information, see [Activating and
|
9929
|
-
# Region][2] in the *IAM User
|
9947
|
+
# only in Amazon Web Services Regions that are available by default.
|
9948
|
+
# These tokens do not work in manually enabled Regions, such as Asia
|
9949
|
+
# Pacific (Hong Kong). Version 2 tokens are valid in all Regions.
|
9950
|
+
# However, version 2 tokens are longer and might affect systems where
|
9951
|
+
# you temporarily store tokens. For information, see [Activating and
|
9952
|
+
# deactivating STS in an Amazon Web Services Region][2] in the *IAM User
|
9953
|
+
# Guide*.
|
9930
9954
|
#
|
9931
9955
|
# To view the current session token version, see the
|
9932
9956
|
# `GlobalEndpointTokenVersion` entry in the response of the
|
@@ -9939,14 +9963,14 @@ module Aws::IAM
|
|
9939
9963
|
#
|
9940
9964
|
# @option params [required, String] :global_endpoint_token_version
|
9941
9965
|
# The version of the global endpoint token. Version 1 tokens are valid
|
9942
|
-
# only in Regions that are available by default.
|
9943
|
-
# work in manually enabled Regions, such as Asia
|
9944
|
-
# Version 2 tokens are valid in all Regions.
|
9945
|
-
# are longer and might affect systems where
|
9946
|
-
# tokens.
|
9966
|
+
# only in Amazon Web Services Regions that are available by default.
|
9967
|
+
# These tokens do not work in manually enabled Regions, such as Asia
|
9968
|
+
# Pacific (Hong Kong). Version 2 tokens are valid in all Regions.
|
9969
|
+
# However, version 2 tokens are longer and might affect systems where
|
9970
|
+
# you temporarily store tokens.
|
9947
9971
|
#
|
9948
|
-
# For information, see [Activating and deactivating STS in an
|
9949
|
-
# in the *IAM User Guide*.
|
9972
|
+
# For information, see [Activating and deactivating STS in an Amazon Web
|
9973
|
+
# Services Region][1] in the *IAM User Guide*.
|
9950
9974
|
#
|
9951
9975
|
#
|
9952
9976
|
#
|
@@ -10136,12 +10160,12 @@ module Aws::IAM
|
|
10136
10160
|
# [2]: http://wikipedia.org/wiki/regex
|
10137
10161
|
#
|
10138
10162
|
# @option params [String] :resource_owner
|
10139
|
-
# An ARN representing the account ID that specifies
|
10140
|
-
# simulated resource that does not identify its owner
|
10141
|
-
# ARN. Examples of resource ARNs include an S3 bucket or
|
10142
|
-
# `ResourceOwner` is specified, it is also used as the
|
10143
|
-
# any `ResourcePolicy` included in the simulation. If
|
10144
|
-
# `ResourceOwner` parameter is not specified, then the owner of the
|
10163
|
+
# An ARN representing the Amazon Web Services account ID that specifies
|
10164
|
+
# the owner of any simulated resource that does not identify its owner
|
10165
|
+
# in the resource ARN. Examples of resource ARNs include an S3 bucket or
|
10166
|
+
# object. If `ResourceOwner` is specified, it is also used as the
|
10167
|
+
# account owner of any `ResourcePolicy` included in the simulation. If
|
10168
|
+
# the `ResourceOwner` parameter is not specified, then the owner of the
|
10145
10169
|
# resources and the resource policy defaults to the account of the
|
10146
10170
|
# identity provided in `CallerArn`. This parameter is required only if
|
10147
10171
|
# you specify a resource-based policy and account that owns the resource
|
@@ -10482,16 +10506,17 @@ module Aws::IAM
|
|
10482
10506
|
# [2]: http://wikipedia.org/wiki/regex
|
10483
10507
|
#
|
10484
10508
|
# @option params [String] :resource_owner
|
10485
|
-
# An account ID that specifies the owner of any
|
10486
|
-
# does not identify its owner in the resource
|
10487
|
-
# ARNs include an S3 bucket or object. If
|
10488
|
-
# it is also used as the account owner of
|
10489
|
-
# in the simulation. If the
|
10490
|
-
#
|
10491
|
-
#
|
10492
|
-
#
|
10493
|
-
#
|
10494
|
-
# simulated calling user
|
10509
|
+
# An Amazon Web Services account ID that specifies the owner of any
|
10510
|
+
# simulated resource that does not identify its owner in the resource
|
10511
|
+
# ARN. Examples of resource ARNs include an S3 bucket or object. If
|
10512
|
+
# `ResourceOwner` is specified, it is also used as the account owner of
|
10513
|
+
# any `ResourcePolicy` included in the simulation. If the
|
10514
|
+
# `ResourceOwner` parameter is not specified, then the owner of the
|
10515
|
+
# resources and the resource policy defaults to the account of the
|
10516
|
+
# identity provided in `CallerArn`. This parameter is required only if
|
10517
|
+
# you specify a resource-based policy and account that owns the resource
|
10518
|
+
# is different from the account that owns the simulated calling user
|
10519
|
+
# `CallerArn`.
|
10495
10520
|
#
|
10496
10521
|
# @option params [String] :caller_arn
|
10497
10522
|
# The ARN of the IAM user that you want to specify as the simulated
|
@@ -11723,9 +11748,10 @@ module Aws::IAM
|
|
11723
11748
|
#
|
11724
11749
|
# If the `UserName` is not specified, the user name is determined
|
11725
11750
|
# implicitly based on the Amazon Web Services access key ID used to sign
|
11726
|
-
# the request. This operation works for access keys under the
|
11727
|
-
# Consequently, you can use this operation to manage
|
11728
|
-
# credentials even if the
|
11751
|
+
# the request. This operation works for access keys under the Amazon Web
|
11752
|
+
# Services account. Consequently, you can use this operation to manage
|
11753
|
+
# Amazon Web Services account root user credentials even if the Amazon
|
11754
|
+
# Web Services account has no associated users.
|
11729
11755
|
#
|
11730
11756
|
# For information about rotating keys, see [Managing keys and
|
11731
11757
|
# certificates][1] in the *IAM User Guide*.
|
@@ -11793,7 +11819,8 @@ module Aws::IAM
|
|
11793
11819
|
req.send_request(options)
|
11794
11820
|
end
|
11795
11821
|
|
11796
|
-
# Updates the password policy settings for the
|
11822
|
+
# Updates the password policy settings for the Amazon Web Services
|
11823
|
+
# account.
|
11797
11824
|
#
|
11798
11825
|
# <note markdown="1"> * This operation does not support partial updates. No parameters are
|
11799
11826
|
# required, but if you do not specify a parameter, that parameter's
|
@@ -11855,9 +11882,10 @@ module Aws::IAM
|
|
11855
11882
|
# require at least one lowercase character.
|
11856
11883
|
#
|
11857
11884
|
# @option params [Boolean] :allow_users_to_change_password
|
11858
|
-
# Allows all IAM users in your account to use the
|
11859
|
-
# change their own passwords. For more
|
11860
|
-
# users change their own passwords][1] in
|
11885
|
+
# Allows all IAM users in your account to use the Amazon Web Services
|
11886
|
+
# Management Console to change their own passwords. For more
|
11887
|
+
# information, see [Letting IAM users change their own passwords][1] in
|
11888
|
+
# the *IAM User Guide*.
|
11861
11889
|
#
|
11862
11890
|
# If you do not specify a value for this parameter, then the operation
|
11863
11891
|
# uses the default value of `false`. The result is that IAM users in the
|
@@ -12092,7 +12120,7 @@ module Aws::IAM
|
|
12092
12120
|
# the Amazon Web Services API, or the **Users** page in the IAM console
|
12093
12121
|
# to change the password for any IAM user. Use ChangePassword to change
|
12094
12122
|
# your own password in the **My Security Credentials** page in the
|
12095
|
-
# Management Console.
|
12123
|
+
# Amazon Web Services Management Console.
|
12096
12124
|
#
|
12097
12125
|
# For more information about modifying passwords, see [Managing
|
12098
12126
|
# passwords][1] in the *IAM User Guide*.
|
@@ -12129,8 +12157,8 @@ module Aws::IAM
|
|
12129
12157
|
# carriage return (`\u000D`)
|
12130
12158
|
#
|
12131
12159
|
# However, the format can be further restricted by the account
|
12132
|
-
# administrator by setting a password policy on the
|
12133
|
-
# information, see UpdateAccountPasswordPolicy.
|
12160
|
+
# administrator by setting a password policy on the Amazon Web Services
|
12161
|
+
# account. For more information, see UpdateAccountPasswordPolicy.
|
12134
12162
|
#
|
12135
12163
|
#
|
12136
12164
|
#
|
@@ -12597,9 +12625,10 @@ module Aws::IAM
|
|
12597
12625
|
#
|
12598
12626
|
# If the `UserName` field is not specified, the user name is determined
|
12599
12627
|
# implicitly based on the Amazon Web Services access key ID used to sign
|
12600
|
-
# the request. This operation works for access keys under the
|
12601
|
-
# Consequently, you can use this operation to manage
|
12602
|
-
# credentials even if the
|
12628
|
+
# the request. This operation works for access keys under the Amazon Web
|
12629
|
+
# Services account. Consequently, you can use this operation to manage
|
12630
|
+
# Amazon Web Services account root user credentials even if the Amazon
|
12631
|
+
# Web Services account has no associated users.
|
12603
12632
|
#
|
12604
12633
|
# @option params [String] :user_name
|
12605
12634
|
# The name of the IAM user the signing certificate belongs to.
|
@@ -12820,9 +12849,10 @@ module Aws::IAM
|
|
12820
12849
|
req.send_request(options)
|
12821
12850
|
end
|
12822
12851
|
|
12823
|
-
# Uploads a server certificate entity for the
|
12824
|
-
# certificate entity includes a public key
|
12825
|
-
# and an optional certificate chain, which
|
12852
|
+
# Uploads a server certificate entity for the Amazon Web Services
|
12853
|
+
# account. The server certificate entity includes a public key
|
12854
|
+
# certificate, a private key, and an optional certificate chain, which
|
12855
|
+
# should all be PEM-encoded.
|
12826
12856
|
#
|
12827
12857
|
# We recommend that you use [Certificate Manager][1] to provision,
|
12828
12858
|
# manage, and deploy your server certificates. With ACM you can request
|
@@ -13047,9 +13077,10 @@ module Aws::IAM
|
|
13047
13077
|
#
|
13048
13078
|
# If the `UserName` is not specified, the IAM user name is determined
|
13049
13079
|
# implicitly based on the Amazon Web Services access key ID used to sign
|
13050
|
-
# the request. This operation works for access keys under the
|
13051
|
-
# Consequently, you can use this operation to manage
|
13052
|
-
# credentials even if the
|
13080
|
+
# the request. This operation works for access keys under the Amazon Web
|
13081
|
+
# Services account. Consequently, you can use this operation to manage
|
13082
|
+
# Amazon Web Services account root user credentials even if the Amazon
|
13083
|
+
# Web Services account has no associated users.
|
13053
13084
|
#
|
13054
13085
|
# <note markdown="1"> Because the body of an X.509 certificate can be large, you should use
|
13055
13086
|
# POST rather than GET when calling `UploadSigningCertificate`. For
|
@@ -13160,7 +13191,7 @@ module Aws::IAM
|
|
13160
13191
|
params: params,
|
13161
13192
|
config: config)
|
13162
13193
|
context[:gem_name] = 'aws-sdk-iam'
|
13163
|
-
context[:gem_version] = '1.
|
13194
|
+
context[:gem_version] = '1.61.0'
|
13164
13195
|
Seahorse::Client::Request.new(handlers, context)
|
13165
13196
|
end
|
13166
13197
|
|
@@ -197,8 +197,9 @@ module Aws::IAM
|
|
197
197
|
# character range (`\u00FF`). You can also include the tab (`\u0009`),
|
198
198
|
# line feed (`\u000A`), and carriage return (`\u000D`) characters. Any
|
199
199
|
# of these characters are valid in a password. However, many tools, such
|
200
|
-
# as the Management Console, might restrict the
|
201
|
-
# characters because they have special meaning
|
200
|
+
# as the Amazon Web Services Management Console, might restrict the
|
201
|
+
# ability to type certain characters because they have special meaning
|
202
|
+
# within that tool.
|
202
203
|
#
|
203
204
|
#
|
204
205
|
#
|
@@ -251,8 +252,8 @@ module Aws::IAM
|
|
251
252
|
# carriage return (`\u000D`)
|
252
253
|
#
|
253
254
|
# However, the format can be further restricted by the account
|
254
|
-
# administrator by setting a password policy on the
|
255
|
-
# information, see UpdateAccountPasswordPolicy.
|
255
|
+
# administrator by setting a password policy on the Amazon Web Services
|
256
|
+
# account. For more information, see UpdateAccountPasswordPolicy.
|
256
257
|
#
|
257
258
|
#
|
258
259
|
#
|
data/lib/aws-sdk-iam/resource.rb
CHANGED
@@ -45,8 +45,8 @@ module Aws::IAM
|
|
45
45
|
# @option options [required, String] :old_password
|
46
46
|
# The IAM user's current password.
|
47
47
|
# @option options [required, String] :new_password
|
48
|
-
# The new password. The new password must conform to the
|
49
|
-
# password policy, if one exists.
|
48
|
+
# The new password. The new password must conform to the Amazon Web
|
49
|
+
# Services account's password policy, if one exists.
|
50
50
|
#
|
51
51
|
# The [regex pattern][1] that is used to validate this parameter is a
|
52
52
|
# string of characters. That string can include almost any printable
|
@@ -54,8 +54,9 @@ module Aws::IAM
|
|
54
54
|
# character range (`\u00FF`). You can also include the tab (`\u0009`),
|
55
55
|
# line feed (`\u000A`), and carriage return (`\u000D`) characters. Any
|
56
56
|
# of these characters are valid in a password. However, many tools, such
|
57
|
-
# as the Management Console, might restrict the
|
58
|
-
# characters because they have special meaning
|
57
|
+
# as the Amazon Web Services Management Console, might restrict the
|
58
|
+
# ability to type certain characters because they have special meaning
|
59
|
+
# within that tool.
|
59
60
|
#
|
60
61
|
#
|
61
62
|
#
|
@@ -139,9 +140,10 @@ module Aws::IAM
|
|
139
140
|
# uses the default value of `false`. The result is that passwords do not
|
140
141
|
# require at least one lowercase character.
|
141
142
|
# @option options [Boolean] :allow_users_to_change_password
|
142
|
-
# Allows all IAM users in your account to use the
|
143
|
-
# change their own passwords. For more
|
144
|
-
# users change their own passwords][1] in
|
143
|
+
# Allows all IAM users in your account to use the Amazon Web Services
|
144
|
+
# Management Console to change their own passwords. For more
|
145
|
+
# information, see [Letting IAM users change their own passwords][1] in
|
146
|
+
# the *IAM User Guide*.
|
145
147
|
#
|
146
148
|
# If you do not specify a value for this parameter, then the operation
|
147
149
|
# uses the default value of `false`. The result is that IAM users in the
|
@@ -325,6 +327,10 @@ module Aws::IAM
|
|
325
327
|
# character (`\u007F`), including most punctuation characters, digits,
|
326
328
|
# and upper and lowercased letters.
|
327
329
|
#
|
330
|
+
# <note markdown="1"> You cannot use an asterisk (*) in the path name.
|
331
|
+
#
|
332
|
+
# </note>
|
333
|
+
#
|
328
334
|
#
|
329
335
|
#
|
330
336
|
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html
|
@@ -1015,8 +1021,8 @@ module Aws::IAM
|
|
1015
1021
|
# The scope to use for filtering the results.
|
1016
1022
|
#
|
1017
1023
|
# To list only Amazon Web Services managed policies, set `Scope` to
|
1018
|
-
# `AWS`. To list only the customer managed policies in your
|
1019
|
-
# `Scope` to `Local`.
|
1024
|
+
# `AWS`. To list only the customer managed policies in your Amazon Web
|
1025
|
+
# Services account, set `Scope` to `Local`.
|
1020
1026
|
#
|
1021
1027
|
# This parameter is optional. If it is not included, or if it is set to
|
1022
1028
|
# `All`, all policies are returned.
|
data/lib/aws-sdk-iam/types.rb
CHANGED
@@ -186,8 +186,9 @@ module Aws::IAM
|
|
186
186
|
# @return [String]
|
187
187
|
#
|
188
188
|
# @!attribute [rw] region
|
189
|
-
# The Region where this access key was most
|
190
|
-
# for this field is "N/A" in the following
|
189
|
+
# The Amazon Web Services Region where this access key was most
|
190
|
+
# recently used. The value for this field is "N/A" in the following
|
191
|
+
# situations:
|
191
192
|
#
|
192
193
|
# * The user does not have an access key.
|
193
194
|
#
|
@@ -196,8 +197,8 @@ module Aws::IAM
|
|
196
197
|
#
|
197
198
|
# * There is no sign-in data associated with the user.
|
198
199
|
#
|
199
|
-
# For more information about Regions, see [Regions
|
200
|
-
# in the Amazon Web Services General Reference.
|
200
|
+
# For more information about Amazon Web Services Regions, see [Regions
|
201
|
+
# and endpoints][1] in the Amazon Web Services General Reference.
|
201
202
|
#
|
202
203
|
#
|
203
204
|
#
|
@@ -574,8 +575,8 @@ module Aws::IAM
|
|
574
575
|
# @return [String]
|
575
576
|
#
|
576
577
|
# @!attribute [rw] new_password
|
577
|
-
# The new password. The new password must conform to the
|
578
|
-
# password policy, if one exists.
|
578
|
+
# The new password. The new password must conform to the Amazon Web
|
579
|
+
# Services account's password policy, if one exists.
|
579
580
|
#
|
580
581
|
# The [regex pattern][1] that is used to validate this parameter is a
|
581
582
|
# string of characters. That string can include almost any printable
|
@@ -583,9 +584,9 @@ module Aws::IAM
|
|
583
584
|
# ASCII character range (`\u00FF`). You can also include the tab
|
584
585
|
# (`\u0009`), line feed (`\u000A`), and carriage return (`\u000D`)
|
585
586
|
# characters. Any of these characters are valid in a password.
|
586
|
-
# However, many tools, such as the
|
587
|
-
# the ability to type certain characters
|
588
|
-
# meaning within that tool.
|
587
|
+
# However, many tools, such as the Amazon Web Services Management
|
588
|
+
# Console, might restrict the ability to type certain characters
|
589
|
+
# because they have special meaning within that tool.
|
589
590
|
#
|
590
591
|
#
|
591
592
|
#
|
@@ -911,9 +912,9 @@ module Aws::IAM
|
|
911
912
|
# ASCII character range (`\u00FF`). You can also include the tab
|
912
913
|
# (`\u0009`), line feed (`\u000A`), and carriage return (`\u000D`)
|
913
914
|
# characters. Any of these characters are valid in a password.
|
914
|
-
# However, many tools, such as the
|
915
|
-
# the ability to type certain characters
|
916
|
-
# meaning within that tool.
|
915
|
+
# However, many tools, such as the Amazon Web Services Management
|
916
|
+
# Console, might restrict the ability to type certain characters
|
917
|
+
# because they have special meaning within that tool.
|
917
918
|
#
|
918
919
|
#
|
919
920
|
#
|
@@ -970,18 +971,19 @@ module Aws::IAM
|
|
970
971
|
# Connect ID tokens. Per the OIDC standard, path components are
|
971
972
|
# allowed but query parameters are not. Typically the URL consists of
|
972
973
|
# only a hostname, like `https://server.example.org` or
|
973
|
-
# `https://example.com`.
|
974
|
+
# `https://example.com`. The URL should not contain a port number.
|
974
975
|
#
|
975
976
|
# You cannot register the same provider multiple times in a single
|
976
|
-
# account. If you try to submit a URL that has
|
977
|
-
# an OpenID Connect provider in the
|
977
|
+
# Amazon Web Services account. If you try to submit a URL that has
|
978
|
+
# already been used for an OpenID Connect provider in the Amazon Web
|
979
|
+
# Services account, you will get an error.
|
978
980
|
# @return [String]
|
979
981
|
#
|
980
982
|
# @!attribute [rw] client_id_list
|
981
|
-
#
|
982
|
-
# app registers with an OpenID Connect provider, they
|
983
|
-
# value that identifies the application.
|
984
|
-
# sent as the `client_id` parameter on OAuth requests.
|
983
|
+
# Provides a list of client IDs, also known as audiences. When a
|
984
|
+
# mobile or web app registers with an OpenID Connect provider, they
|
985
|
+
# establish a value that identifies the application. This is the value
|
986
|
+
# that's sent as the `client_id` parameter on OAuth requests.
|
985
987
|
#
|
986
988
|
# You can register multiple client IDs with the same provider. For
|
987
989
|
# example, you might have multiple applications that use the same OIDC
|
@@ -1010,11 +1012,11 @@ module Aws::IAM
|
|
1010
1012
|
# `server.example.com` and the provider stores its keys at
|
1011
1013
|
# https://keys.server.example.com/openid-connect. In that case, the
|
1012
1014
|
# thumbprint string would be the hex-encoded SHA-1 hash value of the
|
1013
|
-
# certificate used by https://keys.server.example.com
|
1015
|
+
# certificate used by `https://keys.server.example.com.`
|
1014
1016
|
#
|
1015
|
-
# For more information about obtaining the OIDC provider
|
1016
|
-
#
|
1017
|
-
#
|
1017
|
+
# For more information about obtaining the OIDC provider thumbprint,
|
1018
|
+
# see [Obtaining the thumbprint for an OpenID Connect provider][1] in
|
1019
|
+
# the *IAM User Guide*.
|
1018
1020
|
#
|
1019
1021
|
#
|
1020
1022
|
#
|
@@ -1119,6 +1121,10 @@ module Aws::IAM
|
|
1119
1121
|
# DEL character (`\u007F`), including most punctuation characters,
|
1120
1122
|
# digits, and upper and lowercased letters.
|
1121
1123
|
#
|
1124
|
+
# <note markdown="1"> You cannot use an asterisk (*) in the path name.
|
1125
|
+
#
|
1126
|
+
# </note>
|
1127
|
+
#
|
1122
1128
|
#
|
1123
1129
|
#
|
1124
1130
|
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html
|
@@ -3911,7 +3917,7 @@ module Aws::IAM
|
|
3911
3917
|
#
|
3912
3918
|
# @!attribute [rw] create_date
|
3913
3919
|
# The date and time when the IAM OIDC provider resource object was
|
3914
|
-
# created in the account.
|
3920
|
+
# created in the Amazon Web Services account.
|
3915
3921
|
# @return [Time]
|
3916
3922
|
#
|
3917
3923
|
# @!attribute [rw] tags
|
@@ -6594,8 +6600,8 @@ module Aws::IAM
|
|
6594
6600
|
# request.
|
6595
6601
|
#
|
6596
6602
|
# @!attribute [rw] open_id_connect_provider_list
|
6597
|
-
# The list of IAM OIDC provider resource objects defined in the
|
6598
|
-
# account.
|
6603
|
+
# The list of IAM OIDC provider resource objects defined in the Amazon
|
6604
|
+
# Web Services account.
|
6599
6605
|
# @return [Array<Types::OpenIDConnectProviderListEntry>]
|
6600
6606
|
#
|
6601
6607
|
# @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListOpenIDConnectProvidersResponse AWS API Documentation
|
@@ -6739,8 +6745,8 @@ module Aws::IAM
|
|
6739
6745
|
# The scope to use for filtering the results.
|
6740
6746
|
#
|
6741
6747
|
# To list only Amazon Web Services managed policies, set `Scope` to
|
6742
|
-
# `AWS`. To list only the customer managed policies in your
|
6743
|
-
# set `Scope` to `Local`.
|
6748
|
+
# `AWS`. To list only the customer managed policies in your Amazon Web
|
6749
|
+
# Services account, set `Scope` to `Local`.
|
6744
6750
|
#
|
6745
6751
|
# This parameter is optional. If it is not included, or if it is set
|
6746
6752
|
# to `All`, all policies are returned.
|
@@ -8132,8 +8138,8 @@ module Aws::IAM
|
|
8132
8138
|
# and GetLoginProfile operations.
|
8133
8139
|
#
|
8134
8140
|
# @!attribute [rw] user_name
|
8135
|
-
# The name of the user, which can be used for signing in to the
|
8136
|
-
# Management Console.
|
8141
|
+
# The name of the user, which can be used for signing in to the Amazon
|
8142
|
+
# Web Services Management Console.
|
8137
8143
|
# @return [String]
|
8138
8144
|
#
|
8139
8145
|
# @!attribute [rw] create_date
|
@@ -9813,7 +9819,8 @@ module Aws::IAM
|
|
9813
9819
|
# @return [Time]
|
9814
9820
|
#
|
9815
9821
|
# @!attribute [rw] region
|
9816
|
-
# The name of the Region in which the role was
|
9822
|
+
# The name of the Amazon Web Services Region in which the role was
|
9823
|
+
# last used.
|
9817
9824
|
# @return [String]
|
9818
9825
|
#
|
9819
9826
|
# @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/RoleLastUsed AWS API Documentation
|
@@ -10347,14 +10354,14 @@ module Aws::IAM
|
|
10347
10354
|
#
|
10348
10355
|
# @!attribute [rw] global_endpoint_token_version
|
10349
10356
|
# The version of the global endpoint token. Version 1 tokens are valid
|
10350
|
-
# only in Regions that are available by default.
|
10351
|
-
# work in manually enabled Regions, such as Asia
|
10352
|
-
# Version 2 tokens are valid in all Regions.
|
10353
|
-
# are longer and might affect systems where
|
10354
|
-
# tokens.
|
10357
|
+
# only in Amazon Web Services Regions that are available by default.
|
10358
|
+
# These tokens do not work in manually enabled Regions, such as Asia
|
10359
|
+
# Pacific (Hong Kong). Version 2 tokens are valid in all Regions.
|
10360
|
+
# However, version 2 tokens are longer and might affect systems where
|
10361
|
+
# you temporarily store tokens.
|
10355
10362
|
#
|
10356
|
-
# For information, see [Activating and deactivating STS in an
|
10357
|
-
# Region][1] in the *IAM User Guide*.
|
10363
|
+
# For information, see [Activating and deactivating STS in an Amazon
|
10364
|
+
# Web Services Region][1] in the *IAM User Guide*.
|
10358
10365
|
#
|
10359
10366
|
#
|
10360
10367
|
#
|
@@ -10563,17 +10570,17 @@ module Aws::IAM
|
|
10563
10570
|
# @return [String]
|
10564
10571
|
#
|
10565
10572
|
# @!attribute [rw] resource_owner
|
10566
|
-
# An ARN representing the account ID that
|
10567
|
-
# simulated resource that does not identify
|
10568
|
-
# ARN. Examples of resource ARNs include an
|
10569
|
-
# `ResourceOwner` is specified, it is also
|
10570
|
-
# of any `ResourcePolicy` included in the
|
10571
|
-
# `ResourceOwner` parameter is not specified, then
|
10572
|
-
# resources and the resource policy defaults to the
|
10573
|
-
# identity provided in `CallerArn`. This parameter is
|
10574
|
-
# you specify a resource-based policy and account
|
10575
|
-
# resource is different from the account that owns the
|
10576
|
-
# calling user `CallerArn`.
|
10573
|
+
# An ARN representing the Amazon Web Services account ID that
|
10574
|
+
# specifies the owner of any simulated resource that does not identify
|
10575
|
+
# its owner in the resource ARN. Examples of resource ARNs include an
|
10576
|
+
# S3 bucket or object. If `ResourceOwner` is specified, it is also
|
10577
|
+
# used as the account owner of any `ResourcePolicy` included in the
|
10578
|
+
# simulation. If the `ResourceOwner` parameter is not specified, then
|
10579
|
+
# the owner of the resources and the resource policy defaults to the
|
10580
|
+
# account of the identity provided in `CallerArn`. This parameter is
|
10581
|
+
# required only if you specify a resource-based policy and account
|
10582
|
+
# that owns the resource is different from the account that owns the
|
10583
|
+
# simulated calling user `CallerArn`.
|
10577
10584
|
#
|
10578
10585
|
# The ARN for an account uses the following syntax:
|
10579
10586
|
# `arn:aws:iam::AWS-account-ID:root`. For example, to represent the
|
@@ -10880,17 +10887,17 @@ module Aws::IAM
|
|
10880
10887
|
# @return [String]
|
10881
10888
|
#
|
10882
10889
|
# @!attribute [rw] resource_owner
|
10883
|
-
# An account ID that specifies the owner of any
|
10884
|
-
# that does not identify its owner in the resource
|
10885
|
-
# resource ARNs include an S3 bucket or object. If
|
10886
|
-
# specified, it is also used as the account owner
|
10887
|
-
# `ResourcePolicy` included in the simulation. If the
|
10888
|
-
# parameter is not specified, then the owner of the
|
10889
|
-
# resource policy defaults to the account of the
|
10890
|
-
# `CallerArn`. This parameter is required only if
|
10891
|
-
# resource-based policy and account that owns the
|
10892
|
-
# different from the account that owns the simulated
|
10893
|
-
# `CallerArn`.
|
10890
|
+
# An Amazon Web Services account ID that specifies the owner of any
|
10891
|
+
# simulated resource that does not identify its owner in the resource
|
10892
|
+
# ARN. Examples of resource ARNs include an S3 bucket or object. If
|
10893
|
+
# `ResourceOwner` is specified, it is also used as the account owner
|
10894
|
+
# of any `ResourcePolicy` included in the simulation. If the
|
10895
|
+
# `ResourceOwner` parameter is not specified, then the owner of the
|
10896
|
+
# resources and the resource policy defaults to the account of the
|
10897
|
+
# identity provided in `CallerArn`. This parameter is required only if
|
10898
|
+
# you specify a resource-based policy and account that owns the
|
10899
|
+
# resource is different from the account that owns the simulated
|
10900
|
+
# calling user `CallerArn`.
|
10894
10901
|
# @return [String]
|
10895
10902
|
#
|
10896
10903
|
# @!attribute [rw] caller_arn
|
@@ -11913,9 +11920,10 @@ module Aws::IAM
|
|
11913
11920
|
# @return [Boolean]
|
11914
11921
|
#
|
11915
11922
|
# @!attribute [rw] allow_users_to_change_password
|
11916
|
-
# Allows all IAM users in your account to use the
|
11917
|
-
# to change their own passwords. For more
|
11918
|
-
# IAM users change their own passwords][1]
|
11923
|
+
# Allows all IAM users in your account to use the Amazon Web Services
|
11924
|
+
# Management Console to change their own passwords. For more
|
11925
|
+
# information, see [Letting IAM users change their own passwords][1]
|
11926
|
+
# in the *IAM User Guide*.
|
11919
11927
|
#
|
11920
11928
|
# If you do not specify a value for this parameter, then the operation
|
11921
11929
|
# uses the default value of `false`. The result is that IAM users in
|
@@ -12123,8 +12131,9 @@ module Aws::IAM
|
|
12123
12131
|
# carriage return (`\u000D`)
|
12124
12132
|
#
|
12125
12133
|
# However, the format can be further restricted by the account
|
12126
|
-
# administrator by setting a password policy on the
|
12127
|
-
# information, see
|
12134
|
+
# administrator by setting a password policy on the Amazon Web
|
12135
|
+
# Services account. For more information, see
|
12136
|
+
# UpdateAccountPasswordPolicy.
|
12128
12137
|
#
|
12129
12138
|
#
|
12130
12139
|
#
|
data/lib/aws-sdk-iam/user.rb
CHANGED
@@ -439,8 +439,9 @@ module Aws::IAM
|
|
439
439
|
# character range (`\u00FF`). You can also include the tab (`\u0009`),
|
440
440
|
# line feed (`\u000A`), and carriage return (`\u000D`) characters. Any
|
441
441
|
# of these characters are valid in a password. However, many tools, such
|
442
|
-
# as the Management Console, might restrict the
|
443
|
-
# characters because they have special meaning
|
442
|
+
# as the Amazon Web Services Management Console, might restrict the
|
443
|
+
# ability to type certain characters because they have special meaning
|
444
|
+
# within that tool.
|
444
445
|
#
|
445
446
|
#
|
446
447
|
#
|
data/lib/aws-sdk-iam.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: aws-sdk-iam
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.61.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Amazon Web Services
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2021-
|
11
|
+
date: 2021-09-22 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: aws-sdk-core
|
@@ -19,7 +19,7 @@ dependencies:
|
|
19
19
|
version: '3'
|
20
20
|
- - ">="
|
21
21
|
- !ruby/object:Gem::Version
|
22
|
-
version: 3.
|
22
|
+
version: 3.120.0
|
23
23
|
type: :runtime
|
24
24
|
prerelease: false
|
25
25
|
version_requirements: !ruby/object:Gem::Requirement
|
@@ -29,7 +29,7 @@ dependencies:
|
|
29
29
|
version: '3'
|
30
30
|
- - ">="
|
31
31
|
- !ruby/object:Gem::Version
|
32
|
-
version: 3.
|
32
|
+
version: 3.120.0
|
33
33
|
- !ruby/object:Gem::Dependency
|
34
34
|
name: aws-sigv4
|
35
35
|
requirement: !ruby/object:Gem::Requirement
|
@@ -99,7 +99,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
99
99
|
requirements:
|
100
100
|
- - ">="
|
101
101
|
- !ruby/object:Gem::Version
|
102
|
-
version: '
|
102
|
+
version: '2.3'
|
103
103
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
104
104
|
requirements:
|
105
105
|
- - ">="
|